US20030070084A1 - Managing a network security application - Google Patents


Publication number
US20030070084A1
Authority
US
United States
Prior art keywords
user interface
network security
security application
management user
management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US09/973,561
Other versions
US7392537B2 (en
Inventor
Jari Satomaa
Hannu Pudas
Mika Jalava
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Forcepoint LLC
Forcepoint Federal Holdings LLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Priority to US09/973,561 (patent US7392537B2)
Assigned to STONESOFT OY. Assignment of assignors interest (see document for details). Assignors: JALAVA, MIKA; PUDAS, HANNU; SATOMAA, JARI
Priority to EP02396151A (patent EP1300984A3)
Publication of US20030070084A1
Application granted
Publication of US7392537B2
Assigned to WEBSENSE FINLAND OY. Assignment of assignors interest (see document for details). Assignors: STONESOFT OY
Assigned to FORCEPOINT FINLAND OY. Change of name (see document for details). Assignors: WEBSENSE FINLAND OY
Assigned to FORCEPOINT LLC. Assignment of assignors interest (see document for details). Assignors: FORCEPOINT FINLAND OY
Assigned to RAYTHEON COMPANY. Patent security agreement supplement. Assignors: FORCEPOINT LLC
Assigned to FORCEPOINT LLC. Release of security interest in patents. Assignors: RAYTHEON COMPANY
Assigned to CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT. Patent security agreement. Assignors: FORCEPOINT LLC, RedOwl Analytics, Inc.
Assigned to FORCEPOINT FEDERAL HOLDINGS LLC. Change of name (see document for details). Assignors: FORCEPOINT LLC
Assigned to FORCEPOINT LLC. Assignment of assignors interest (see document for details). Assignors: FORCEPOINT FEDERAL HOLDINGS LLC
Adjusted expiration
Expired - Lifetime (current legal status)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30 Security of mobile devices; Security of mobile applications
    • H04W12/37 Managing security policies for mobile devices or for controlling mobile applications

Definitions

  • an arrangement for managing a network security application comprising:
  • a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection.
  • a network security application managed via a full management user interface which comprises mechanisms for conducting management operations for the network security application, wherein the network security application is arranged to be managed also via a limited management user interface comprising mechanisms:
  • the invention provides means for managing network security applications irrespective of the physical location of the person conducting management operations.
  • a network security application administrator has a possibility to flexibly update configuration of a firewall with a mobile terminal without having to access the full (usually fixed network) management user interface.
  • the actions requiring timely response may be generated by the application to be managed or by people using the application.
  • the application may fail, a hostile intrusion may be detected or somebody may have legitimate problems in accessing some service or network and may require changing the access rights.
  • the limited management user interface enables an administrator to temporarily delegate rights to conduct some operation.
  • the administrator may be on holiday, when something urgent needs to be done, and it is much more convenient for the administrator to be able to delegate necessary rights temporarily to someone else than to do the job himself/herself during holiday.
  • the initial configuration of the network security applications is conducted by using the full management user interface, since initial configuration usually requires some background work and, considering timely response, is not as critical as fixing problems or security flaws in already configured and running network security applications.
  • the management operations that are usually required to be done as timely response to an alarm or to a user request, are included in the limited management system.
  • Such operations do not require large amounts of data to be transmitted between the management user interface and the network security application and are therefore well-suited for being conducted over a wireless communication channel and by using a mobile terminal having limited capabilities in comparison to a general use computer.
  • the limited management user interface provides possibility to fix minor problems or make modifications fast as only some of the full management user interface functionality is included.
  • FIG. 1 illustrates an example network topology
  • FIGS. 2A and 2B illustrate example network topologies according to the invention.
  • FIG. 3 illustrates still other example network topology according to the invention
  • FIG. 1 is discussed in more detail above in connection with the prior art description.
  • FIG. 2A illustrates an example network topology according to the invention.
  • the second internal network 104 of FIG. 1 has a firewall 108 connecting it to the Internet 100 .
  • a computer 112 with a full management user interface, using which the firewall 108 is managed
  • the management user interface in computer 112 is the full management user interface according to the invention and is connected to the firewall by means of a fixed data connection.
  • the limited management user interface according to the invention is provided by means of a wireless device 200, which is connected to a wireless network 202, which may be any wireless communication network, such as GSM (Global System for Mobile communications), CDMA (Code-Division Multiple Access), US-TDMA (Time-Division Multiple Access), GPRS (General Packet Radio Service), WLAN (Wireless Local Area Network) or UMTS (Universal Mobile Telecommunications System) network.
  • the wireless device 200 may be for example a general purpose mobile phone or a PDA (Personal Digital Assistant) or any future mobile terminal.
  • Connected to the firewall 108, there is a wireless data device 208, the wireless data device 208 providing the connection from the firewall 108 to the wireless network 202.
  • the wireless data device may be for example a general purpose mobile phone or just a black box containing functionality for sending and receiving data over air interface and for communicating data to and from the firewall.
  • FIG. 2B illustrates another example network topology according to the invention, in which the scenario shown in FIG. 2A is shown with some alternative paths for connecting the firewall to the wireless device 200 providing the limited management user interface.
  • These alternative paths include: connecting the wireless device 200 to the firewall 108 via the wireless network 202 and further via Internet 100, an ISDN (Integrated Services Digital Network) line 204 and modem 224 or a PSTN (Public Switched Telephone Network) line 206 and modem 224, while the Internet, ISDN line and PSTN line provide connection from the firewall 108 to the wireless network 202.
  • FIG. 3 illustrates a more detailed presentation of an example arrangement according to the invention.
  • a firewall application 222 is connected to the wireless device 200 providing the limited management user interface via the wireless data device 208 and wireless network 202 in a similar manner to FIGS. 2A and 2B.
  • the firewall module 220, which is a module providing the actual firewall functionality, is connected to a Web server module 216, which is logically connected to an interface module 210 via an SMS Gateway (GW) module 212 or a WAP (Wireless Application Protocol) Gateway module 214.
  • These elements 220, 216, 210, 212 and 214 can be implemented as one application running in one computer or other suitable device or every module (or some of the modules) may be implemented as separate applications and may be run in separate devices as well.
  • the interface module 210 is further connected to the wireless device 200 in the same way as shown and discussed in connection with FIG. 2A.
  • the purpose of the interface module 210 is to establish connection between the wireless data device 208 and the firewall module 220 .
  • the connection between the wireless data device 208 and the interface module may be for example by serial cable (RS-232).
  • the interface module 210 receives data received and forwarded by the wireless data device 208 .
  • the interface module includes functionality for identifying the incoming traffic so that it can forward data according to WAP protocol to WAP GW, SMS data to SMS GW and HTTP (HyperText Transfer Protocol) data straight to the Web server module 216 .
  • In order to send an SMS message to the limited management user interface in the wireless device 200, the SMS GW composes AT commands for commanding the wireless data device via the interface module 210.
  • AT commands are well known commands for controlling modems.
  • These commands are only forwarded to the wireless data device by the interface module.
  • Main purpose of the WAP GW 214 is to transfer data between different protocols, that is, to adapt WAP and HTTP protocol stacks to each other.
  • the WAP GW includes modules for transferring WAP content from the wireless data device to HTTP content for the Web server module and for transferring HTTP content from the Web server module to WAP content for the wireless data device.
  • the WAP GW is not needed if the Web server module understands WAP protocols and WML (Wireless Markup Language) used in WAP.
  • SMS GW 212 transforms data from the web server module to a format suitable for an SMS connection and vice versa.
  • the Web server module provides WAP and HTTP content to the wireless data device via interface module and SMS or WAP GW.
  • the Web server module may communicate with the firewall module 220 by using cgi-bin queries. Alternatively, there may be a dedicated application protocol between the firewall module and the Web server module.
  • Since the device may be a general purpose mobile terminal, which is used for other purposes as well, it is possible that somebody other than the legitimate administrator of the network security application also has access to the device. Therefore, it must be verified that the device sending the management commands is legitimate and that the user of the device is legitimate.
  • the network security application may comprise mechanisms for authenticating the wireless device used for limited management and the person using said wireless device in the messages received from the limited management user interface to the network security application.
  • the operations included in the limited management user interface may be configured via the full management user interface.
  • the full management user interface may comprise management operations for configuring the limited management user interface.
  • the persons sending the messages need to authenticate themselves in each message, for example by means of a pin (personal identification number) code, a SecurID card or by using a SIM (Subscriber Identification Module) card with encryption capabilities, such as PKI (Public Key Infrastructure) SIM, which uses asymmetric encryption (key pair of public and private key).
  • the management operations included in the limited management user interface may include receiving and acknowledging alerts.
  • Sending alerts to a wireless device as a response to a predefined situation is known already in prior art, but there has not been possibility to acknowledge the alerts, therefore the alert may have been sent to a plurality of recipients or a plurality of times to each recipient in order to verify receipt of the alert.
  • the limited management user interface comprises management operations for acknowledging receipt of an alarm, that is, received alarms are acknowledged via the limited management user interface and after the acknowledgement the firewall “knows” that the alarm has been received.
  • Legitimacy of the acknowledgement may be verified by including in the acknowledgement message an acknowledgement code obtained from the respective alert for binding together the alarm and the acknowledgement and for example a pin code identifying the person sending the acknowledgement. Also more secure authentication may be used for some management operations. For example PKI SIM may be used.
  • the network security applications usually generate and store log data in order to provide users an audit trail of the actions taken and things that have happened.
  • Log data can be used for finding problems or detecting security flaws, etc.
  • the administrator of the network security application needs to explore the log data.
  • the log data is filtered in order to find out the entries that are useful for solving a particular problem.
  • the limited management user interface may comprise a management action in which the administrator (or the user of the limited management user interface) may specify, how the log data is to be filtered, or the data may be filtered automatically on the basis of the details of a related alarm.
  • the full management user interface comprises full scale of management operations for setting initial configuration of the network security application and for updating or modifying configuration of the network security application
  • the limited management user interface comprises management operations for updating or modifying configuration of the network security application, but not for setting initial configuration of the network security application.
  • the network security application may be implemented as a suitable combination of hardware and software. Typically the implementation is software program code executed in a processor unit combined with suitable memory resources.
  • the limited management user interface may be provided in the wireless device for example by means of a dedicated application or via a general purpose browser, such as a web browser or a micro browser.
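
The acknowledgement check described above (an acknowledgement code taken from the alert, plus a pin code identifying the sender, supplied in each message) can be sketched as follows. This is an added example, not code from the patent or from any product; the `ACK <alert_id> <code> <pin>` message layout, the class and function names, the lockout threshold and the phone number are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PBKDF2_ROUNDS = 100_000   # assumption: cost chosen for this example
MAX_FAILURES = 3          # assumption: lock a device after three bad messages


def hash_pin(pin: str, salt: bytes) -> bytes:
    """PINs are kept only as salted PBKDF2 hashes, never in clear text."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Admin:
    salt: bytes
    pin_hash: bytes
    failures: int = 0


@dataclass
class Alert:
    text: str
    ack_code: str
    acked_by: Optional[str] = None


class AlertDesk:
    """Firewall-side bookkeeping for alerts sent to the limited interface."""

    def __init__(self) -> None:
        self.admins: Dict[str, Admin] = {}
        self.alerts: Dict[str, Alert] = {}

    def enroll(self, phone: str, pin: str) -> None:
        # In this sketch enrolment is done from the full management interface.
        salt = secrets.token_bytes(16)
        self.admins[phone] = Admin(salt, hash_pin(pin, salt))

    def raise_alert(self, text: str) -> Tuple[str, str]:
        # A fresh random code per alert binds an acknowledgement to that alert.
        alert_id = f"A{len(self.alerts) + 1}"
        code = f"{secrets.randbelow(10**6):06d}"
        self.alerts[alert_id] = Alert(text, code)
        return alert_id, f"ALERT {alert_id}: {text} ACKCODE {code}"

    def handle_message(self, sender: str, body: str) -> str:
        # The sender number only selects the account; it is not proof of
        # identity, so the PIN and the alert code carry the actual check.
        admin = self.admins.get(sender)
        if admin is None:
            return "rejected: unknown device"
        if admin.failures >= MAX_FAILURES:
            return "rejected: device locked"
        parts = body.split()
        if len(parts) != 4 or parts[0] != "ACK":
            return "rejected: malformed"
        _, alert_id, code, pin = parts
        alert = self.alerts.get(alert_id)
        # Evaluate both checks before deciding, in constant time, so the
        # reply does not reveal which of the two values was wrong.
        pin_ok = hmac.compare_digest(hash_pin(pin, admin.salt), admin.pin_hash)
        expected = alert.ack_code if alert else "x" * 6
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        if alert is None or not (pin_ok and code_ok):
            admin.failures += 1
            return "rejected: bad credentials"
        admin.failures = 0
        if alert.acked_by is not None:
            return "rejected: already acknowledged"   # replayed message
        alert.acked_by = sender
        return "acknowledged"


if __name__ == "__main__":
    desk = AlertDesk()
    desk.enroll("+10000000001", "4921")              # constructed sample values
    aid, sms = desk.raise_alert("firewall node down")
    print(sms)
    code = desk.alerts[aid].ack_code
    print(desk.handle_message("+10000000001", f"ACK {aid} {code} 0000"))
    print(desk.handle_message("+10000000001", f"ACK {aid} {code} 4921"))
    print(desk.handle_message("+10000000001", f"ACK {aid} {code} 4921"))
```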

Abstract

The invention provides an arrangement for managing a network security application comprising a full management user interface for conducting management operations for the network security application, and a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection.

Description

    BACKGROUND OF THE INVENTION
  • The invention relates in general to network security. In particular the invention relates to managing a network security application, such as a firewall, security gateway, Intrusion Detection System (IDS) or Virtual Private Network (VPN) gateway. [0001]
  • Public networks are presently being used more and more for sensitive and mission critical communications and the internal networks of various organisations and enterprises are nowadays connected to the public networks, Internet being one of them. Since the basic mechanisms of the public networks were originally not designed with secrecy and confidentiality in mind, public networks are untrusted networks. To protect an internal network, a special network application or device is usually used to connect the internal network to a public network. This special network application is often called a security gateway or a firewall, and the purpose of such a network application is to prevent unauthorised access to the internal network. Typically there is need to restrict access to an internal network from a public network and/or to restrict access from the internal network to the public network or further networks connected to the public network. [0002]
  • In addition to security gateways and firewalls there is a plurality of other network security applications. For example, in intrusion detection systems (IDS) the traffic (data packets) flowing in a network is monitored and analysed in order to detect malicious or unauthorized actions in the network. Virtual private network (VPN) applications are used for connecting trusted parties to each other over untrusted public network through a secure tunnel. All traffic from a first party to a second party is encrypted by a VPN application of the first party, sent in encrypted form over the public network to the second party, where a VPN application decrypts the transmitted data and forwards the decrypted data to the recipient. The VPN is typically transparent to the processes that are communicating between each other and the encryption and decryption depend on the configuration of the VPN applications. [0003]
  • However, the above described network security applications cannot keep an effective security by themselves. The network security applications need to be carefully installed and configured, and the security policy needs to be evaluated and updated regularly, if the security application includes such security policy (e.g. VPN applications may not include a security policy). The contemporary development towards very complicated networks that need to have multiple user interfaces with the Internet for VPN (Virtual Private Network), the remote access, the e-business, the cache servers, etc. has increased the demands for administrative skills. Moreover, the surrounding network environment is fast changing and the updates need to be done in real time, detected flaws in the configuration and failures in the network security application operation need to be fixed as soon as possible in order to maintain required security level, connectivity and service availability. Also, the needs of the users may change over time and user information may need to be added or removed or modified. [0004]
  • Because the human factor plays a key role in failures of network security applications and security policies, it is important for a network security application and a system of network security applications to be easily administrable. Network security applications are often managed by a remote (fixed network) management system using a network connection and secured (encrypted) communication. The network security applications communicate with the management system, sending performance statistics, status information, alarms, and log data, while receiving policy updates and configuration changes. The management system may be part of the network security application or it may be a separate process, and a plurality of network security applications may be managed using one management system. Typically, there is a management user interface, via which the applications are managed. The management user interface may be remotely connected to the management system and/or the network security application. [0005]
  • The term network security application is used in this description for referring to any network security application or to a cluster of any network security applications, which are managed via a management user interface. The management user interface may be separate from the application itself or part of the application. A network security application may be, for example, a firewall node, a firewall node provided with Virtual Private Network (VPN) functionality, a network monitoring node, a virus scanning application or an IDS node. [0006]
  • FIG. 1 illustrates an example network topology with a first internal network 102, a second internal network 104 and Internet 100. The internal networks 102, 104 are connected to the Internet 100 via firewalls 106 and 108, respectively. Additionally, there is an IDS device 110 connected to the internal network 104. [0007]
  • The IDS device 110 monitors the data packets entering and exiting the internal network 104. Any of the network devices 106, 108, 110 may be implemented as one network node or as a cluster of network nodes. Then, there is a management user interface in computer 112 connected to the internal network 104. If internal networks 104 and 102 belong to the same organisation, all network devices 106, 108, 110 may be managed and configured using this management user interface 112, however typically there would be separate management user interfaces for the IDS device and firewalls. The actual management system may reside in the computer 112 and act as a central management system for the two firewalls, for example. Alternatively, the management system may be integral part of the firewalls. [0008]
  • Typically the management user interface and a central management system are in a fixed computer or work station connected to an internal network (or a plurality of such computers or work stations) and the connection between the management user interface and the network security applications is a fixed connection. The reason for this is security (accessing the management system only from a physically secure location) and the fact that the management application is a complex application and running it for example over a conventional modem connection might be very slow. On the other hand, this means that this fixed computer or work station needs to be physically accessed in order to manage the managed applications. Thus, in order to react to information provided by the network security applications the management user interface needs to be monitored. The management system is commonly arranged to generate an alarm message, for example on a computer screen of a management user interface, as a response to predetermined (suspicious/malicious) actions or failures and therefore the output of the network security applications does not need to be analysed constantly. However, finding and fixing the conditions causing the alarm to go off requires human intervention, and therefore the alarms generated by the network security applications need to be monitored by system administrators. [0009]
  • The network security applications are commonly arranged to send alarms for example to a predetermined pager device or as an SMS (Short Message Service) message to a predetermined mobile phone. Such pager device or mobile phone is typically carried with some administrator of the network security applications in order to receive the alarms instantly without somebody having to sit by the management user interface at all times. However, the alarm is only a short message indicating that something is wrong and the administrator receiving the alarm may not be even close to the management system or user interface, and therefore processing the alarm still needs the administrator to get to the management user interface in order to find out the reason for the alarm and to fix the situation. [0010]
  • It would be beneficial for the administrator to be able to fix the problem right away when receiving the alarm and therefore to be able to manage the network security applications in a more flexible manner and to respond to failures more rapidly. [0011]
  • SUMMARY OF THE INVENTION
  • An object of the invention is to provide a flexible method for managing network security applications, which avoids or alleviates the above mentioned problems. The object is achieved according to the invention with an arrangement disclosed in the attached independent claim. Preferred embodiments of the invention are disclosed in the dependent claims. The features described in one dependent claim may be further combined with features described in another dependent claim to produce further embodiments of the invention. [0012]
  • The idea of the invention is to provide, for managing a network security application, a limited management user interface in addition to the management user interface known in the prior art. [0013]
  • According to the invention there is provided an arrangement for managing a network security application comprising: [0014]
  • a full management user interface for conducting management operations for the network security application, and [0015]
  • a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection. [0016]
  • Further there is provided a network security application managed via a full management user interface, which comprises mechanisms for conducting management operations for the network security application, wherein the network security application is arranged to be managed also via a limited management user interface comprising mechanisms: [0017]
  • for conducting limited number of management operations of the full management user interface for the network security application over a wireless remote connection. [0018]
  • The invention provides means for managing network security applications irrespective of the physical location of the person conducting management operations. For example, a network security application administrator has a possibility to flexibly update configuration of a firewall with a mobile terminal without having to access the full (usually fixed network) management user interface. The actions requiring timely response may be generated by the application to be managed or by people using the application. The application may fail, a hostile intrusion may be detected or somebody may have legitimate problems in accessing some service or network and may require changing the access rights. [0019]
  • In addition, the limited management user interface enables an administrator to temporarily delegate rights to conduct some operation. For example, the administrator may be on holiday, when something urgent needs to be done, and it is much more convenient for the administrator to be able to delegate necessary rights temporarily to someone else than to do the job himself/herself during holiday. [0020]
  • Still, the initial configuration of the network security applications is conducted by using the full management user interface, since initial configuration usually requires some background work and, considering timely response, is not as critical as fixing problems or security flaws in already configured and running network security applications. This way not all the functionality of the full management user interface needs to be transferred to the limited management user interface. The management operations, that are usually required to be done as timely response to an alarm or to a user request, are included in the limited management system. Usually, such operations do not require large amounts of data to be transmitted between the management user interface and the network security application and are therefore well-suited for being conducted over a wireless communication channel and by using a mobile terminal having limited capabilities in comparison to a general use computer. Thus, the limited management user interface provides possibility to fix minor problems or make modifications fast as only some of the full management user interface functionality is included. [0021]
  • In addition, using a wireless communication channel for delivering alarms and critical fixes to problems increases the reliability of maintenance, since mobile networks have inbuilt high availability and fault tolerance of services, for example in contrast to the Internet, which is known to fail to deliver messages every now and then. Therefore timely receipt of alarms and response to them is more reliable when a mobile network is used than if a public network was used. [0022]
  • These and other features of the invention, as well as the advantages offered thereby, are described hereinafter with reference to embodiments illustrated in the accompanying drawings. [0023]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates an example network topology, [0024]
  • FIGS. 2A and 2B illustrate example network topologies according to the invention, and [0025]
  • FIG. 3 illustrates still another example network topology according to the invention. [0026]
  • DETAILED DESCRIPTION OF THE INVENTION
  • FIG. 1 is discussed in more detail above in connection with the prior art description. [0027]
  • FIG. 2A illustrates an example network topology according to the invention. The second internal network 104 of FIG. 1 has a firewall 108 connecting it to the Internet 100. In the internal network there is connected a computer 112 with a full management user interface, using which the firewall 108 is managed. The management user interface in computer 112 is the full management user interface according to the invention and is connected to the firewall by means of a fixed data connection. [0028]
  • The limited management user interface according to the invention is provided by means of a wireless device 200, which is connected to a wireless network 202, which may be any wireless communication network, such as GSM (Global System for Mobile communications), CDMA (Code-Division Multiple Access), US-TDMA (Time-Division Multiple Access), GPRS (General Packet Radio Service), WLAN (Wireless Local Area Network) or UMTS (Universal Mobile Telecommunications System) network. The wireless device 200 may be for example a general purpose mobile phone or a PDA (Personal Digital Assistant) or any future coming mobile terminal. Connected to the firewall 108, there is a wireless data device 208, the wireless data device 208 providing the connection from the firewall 108 to the wireless network 202. The wireless data device may be for example a general purpose mobile phone or just a black box containing functionality for sending and receiving data over air interface and for communicating data to and from the firewall. [0029]
  • FIG. 2B illustrates another example network topology according to the invention, where the scenario shown in FIG. 2A is presented with some alternative paths for connecting the firewall to the wireless device 200 providing the limited management user interface. These alternative paths include: connecting the wireless device 200 to the firewall 108 via the wireless network 202 and further via Internet 100, an ISDN (Integrated Services Digital Network) line 204 and modem 224 or a PSTN (Public Switched Telephone Network) line 206 and modem 224, while the Internet, ISDN line and PSTN line provide connection from the firewall 108 to the wireless network 202. These paths from the firewall to the wireless network are presented here as examples only and there may be also some other suitable way to connect the firewall to the wireless network. Additionally, only one of the presented connections is sufficient for providing the connection between the wireless device 200 and the firewall 108. Furthermore, the firewall 108 may be connected to some other networks as well, but these are not shown here for the sake of clarity. [0030]
  • FIG. 3 illustrates a more detailed presentation of an example arrangement according to the invention. A firewall application 222 is connected to the wireless device 200 providing the limited management user interface via the wireless data device 208 and wireless network 202 in a similar manner to FIGS. 2A and 2B. One possible implementation for the firewall application is shown within the block 222. The firewall module 220, which is a module providing the actual firewall functionality, is connected to a Web server module 216, which is logically connected to an interface module 210 via a SMS Gateway (GW) module 212 or a WAP (Wireless Application Protocol) Gateway module 214. Another possibility is that the Web server module 216 is connected straight to the interface module 210. These elements 220, 216, 210, 212 and 214 can be implemented as one application running in one computer or other suitable device or every module (or some of the modules) may be implemented as separate applications and may be run in separate devices as well. The interface module 210 is further connected to the wireless device 200 in the same way as shown and discussed in connection with FIG. 2A. [0031]
  • In the following, the modules of the firewall application 222 in FIG. 3 are discussed further. [0032]
  • The purpose of the interface module 210 is to establish a connection between the wireless data device 208 and the firewall module 220. The connection between the wireless data device 208 and the interface module may be for example by serial cable (RS-232). Thus, the interface module 210 receives data received and forwarded by the wireless data device 208. The interface module includes functionality for identifying the incoming traffic so that it can forward data according to WAP protocol to WAP GW, SMS data to SMS GW and HTTP (HyperText Transfer Protocol) data straight to the Web server module 216. [0033]
  • In order to send an SMS message to the limited management user interface in the wireless device 200 the SMS GW composes AT commands for commanding the wireless data device via the interface module 210. (AT commands are well known commands for controlling modems.) These commands are only forwarded to the wireless data device by the interface module. [0034]
  • The main purpose of the WAP GW 214 is to transfer data between different protocols, that is, to adapt WAP and HTTP protocol stacks to each other. In other words, the WAP GW includes modules for transferring WAP content from the wireless data device to HTTP content for the Web server module and for transferring HTTP content from the Web server module to WAP content for the wireless data device. However, the WAP GW is not needed if the Web server module understands WAP protocols and WML (Wireless Markup Language) used in WAP. [0035]
  • Similarly, the main purpose of the SMS GW 212 is to transform data from the web server module to a format suitable for an SMS connection and vice versa. [0036]
  • The Web server module provides WAP and HTTP content to the wireless data device via interface module and SMS or WAP GW. The Web server module may communicate with the firewall module 220 by using cgi-bin queries. Alternatively, there may be a dedicated application protocol between the firewall module and the Web server module. [0037]
  • Since correct operation of network security applications is critical to any organization, security in managing such applications over a wireless interface according to the invention is an important issue. Since the device may be a general purpose mobile terminal, which is used for other purposes as well, it is possible that somebody other than the legitimate administrator of the network security application also has access to the device. Therefore, it must be verified that the device sending the management commands is legitimate and that the user of the device is legitimate. To achieve this, the network security application may comprise mechanisms for authenticating the wireless device used for limited management and the person using said wireless device in the messages received from the limited management user interface to the network security application. [0038]
  • This can be done for example by allowing configuring which wireless devices may be used for limited management only via the full management user interface. Also the operations included in the limited management user interface may be configured via the full management user interface. In other words, the full management user interface may comprise management operations for configuring the limited management user interface. Further, it may be required that a response to an alarm comes from the same device where it was sent to, that is, the wireless device is authenticated by using subscriber number. Alternatively or additionally, it is possible to restrict the use of the limited management user interface only to responding to messages from the network security application by attaching into each message an authentication code to be replied in the response from the limited management user interface and ignoring in the network security application all messages not including a valid authentication code. In addition, the persons sending the messages need to authenticate themselves in each message, for example by means of a pin (personal identification number) code, a SecurID card or by using a SIM (Subscriber Identification Module) card with encryption capabilities, such as PKI (Public Key Infrastructure) SIM, which uses asymmetric encryption (key pair of public and private key). [0039]
  • The management operations included in the limited management user interface may include receiving and acknowledging alerts. Sending alerts to a wireless device as a response to a predefined situation is known already in prior art, but there has been no possibility to acknowledge the alerts; therefore the alert may have been sent to a plurality of recipients or a plurality of times to each recipient in order to verify receipt of the alert. With the arrangement according to the invention flooding the recipients with unnecessary alerts is prevented. Therefore, the limited management user interface comprises management operations for acknowledging receipt of an alarm, that is, received alarms are acknowledged via the limited management user interface and after the acknowledgement the firewall “knows” that the alarm has been received. Legitimacy of the acknowledgement may be verified by including in the acknowledgement message an acknowledgement code obtained from the respective alert for binding together the alarm and the acknowledgement and for example a pin code identifying the person sending the acknowledgement. Also more secure authentication may be used for some management operations. For example PKI SIM may be used. [0040]
  • The network security applications usually generate and store log data in order to provide users an audit trail of the actions taken and things that have happened. Log data can be used for finding problems or detecting security flaws, etc. In order to find a reason for an alarm, the administrator of the network security application needs to explore the log data. According to the invention it is possible to view the log data fully via the full management user interface and in addition to view a limited amount of the log data via the limited management user interface. As the amount of log data is often massive, it is not reasonable to provide all possible information via the limited management user interface. On the contrary, the log data is filtered in order to find out the entries that are useful for solving a particular problem. For example, the entries generated during a certain period of time or entries concerning a particular service or particular user may be filtered out and shown via the limited management user interface. The limited management user interface may comprise a management action in which the administrator (or the user of the limited management user interface) may specify how the log data is to be filtered, or the data may be filtered automatically on the basis of the details of a related alarm. [0041]
  • In order to facilitate management operations via the limited management user interface, it is possible to configure, via the full management user interface, scripts for the most common command or request combinations to be run via the limited management user interface. This way it is possible to run complex command strings in the network security application with a small number of user commands via the limited management user interface. The user may need to give some parameters for running the scripts, though. [0042]
  • In general, the full management user interface comprises full scale of management operations for setting initial configuration of the network security application and for updating or modifying configuration of the network security application, and the limited management user interface comprises management operations for updating or modifying configuration of the network security application, but not for setting initial configuration of the network security application. [0043]
  • The network security application according to the invention may be implemented as a suitable combination of hardware and software. Typically the implementation is software program code executed in a processor unit combined with suitable memory resources. The limited management user interface may be provided in the wireless device for example by means of a dedicated application or via a general purpose browser, such as a web browser or a micro browser. [0044]
  • It must be appreciated that the invention is above described in connection with a firewall application by way of example only. The network security application to be managed according to the invention may clearly be any other network security application that requires constant maintenance. [0045]
  • It will be apparent for those skilled in the art that the illustrative embodiments described are only examples and that various modifications can be made within the scope of the invention as defined in the appended claims. [0046]
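The acknowledgement checks described above (enrolment of devices and operations through the full management user interface, reply from the same subscriber number, per-alarm authentication code, PIN) can be put together as follows. This is an added illustration, not code from the patent; the class names, the `OP <alarm id> <code> <pin>` message layout and the subscriber numbers and PINs are assumptions constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class LimitedUiConfig:
    """Settings that are changed only through the full management UI."""
    devices: dict                               # subscriber number -> PIN
    operations: frozenset = frozenset({"ACK"})  # operations exposed remotely


@dataclass
class Alarm:
    alarm_id: int
    text: str
    sent_to: str      # subscriber number the alarm was sent to
    code: str         # per-alarm authentication code carried in the alarm
    acknowledged: bool = False


class LimitedManagementGateway:
    """Hypothetical receiver for messages from the limited management UI."""

    def __init__(self, config):
        self.config = config
        self.alarms = {}
        self.audit = []   # (sender, operation, outcome); the PIN is never logged
        self._next_id = 1

    def send_alarm(self, subscriber, text):
        if subscriber not in self.config.devices:
            raise ValueError("device not enrolled via the full management UI")
        alarm = Alarm(self._next_id, text, subscriber, secrets.token_hex(4))
        self.alarms[alarm.alarm_id] = alarm
        self._next_id += 1
        return alarm

    def pending(self):
        """Alarms that would still be re-sent because nobody acknowledged them."""
        return [a.alarm_id for a in self.alarms.values() if not a.acknowledged]

    def handle_message(self, sender, body):
        """Process 'OP <alarm id> <code> <pin>'; anything invalid is ignored."""
        parts = body.split()
        outcome = self._check(sender, parts)
        self.audit.append((sender, parts[0] if parts else "", outcome))
        return outcome == "accepted"

    def _check(self, sender, parts):
        if len(parts) != 4:
            return "malformed"
        op, alarm_id, code, pin = parts
        if op not in self.config.operations:
            return "operation not enabled"
        expected_pin = self.config.devices.get(sender)
        if expected_pin is None:
            return "unknown device"
        known = alarm_id.isascii() and alarm_id.isdigit()
        alarm = self.alarms.get(int(alarm_id)) if known else None
        if alarm is None or alarm.acknowledged:
            return "no such pending alarm"
        if alarm.sent_to != sender:
            return "reply from different device"
        # Constant-time comparisons for the two secrets in the message.
        if not hmac.compare_digest(alarm.code.encode(), code.encode()):
            return "bad authentication code"
        if not hmac.compare_digest(expected_pin.encode(), pin.encode()):
            return "bad pin"
        alarm.acknowledged = True   # the code cannot be replayed after this
        return "accepted"


if __name__ == "__main__":
    # Constructed sample data: two enrolled devices, one alarm.
    gw = LimitedManagementGateway(
        LimitedUiConfig({"+15555550101": "4821", "+15555550102": "7733"}))
    alarm = gw.send_alarm("+15555550101", "firewall 108: tunnel down")
    gw.handle_message("+15555550102", f"ACK {alarm.alarm_id} {alarm.code} 7733")
    gw.handle_message("+15555550101", f"ACK {alarm.alarm_id} {alarm.code} 4821")
    for entry in gw.audit:
        print(entry)
```

Because an accepted acknowledgement marks the alarm as handled, a second message carrying the same code is rejected and the alarm drops out of the re-send list.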

Claims (10)

1. An arrangement for managing a network security application comprising:
a full management user interface for conducting management operations for the network security application, and
a limited management user interface for conducting a limited number of management operations of the full management system for the network security application over a wireless remote connection.
2. An arrangement according to claim 1, wherein,
said full management user interface comprises management operations for setting initial configuration of the network security application and for updating or modifying configuration of the network security application, and
said limited management user interface comprises management operations for updating or modifying configuration of the network security application.
3. An arrangement according to claim 1 wherein,
the network security application comprises mechanisms for sending to the limited management user interface an alarm as a response to a predefined situation, and
said limited management user interface comprises management operations for acknowledging receipt of an alarm.
4. An arrangement according to claim 1, wherein
the network security application comprises memory and mechanisms for storing log data into the memory,
said full management user interface comprises management operations for viewing said log data, and
said limited management user interface comprises management operations for viewing limited amount of said log data.
5. An arrangement according to claim 1, wherein said wireless remote connection uses wireless application protocol (WAP).
6. An arrangement according to claim 1 wherein said wireless remote connection uses short message service (SMS) messages.
7. An arrangement according to claim 1 wherein said wireless remote connection uses HyperText Transfer Protocol (HTTP).
8. An arrangement according to claim 1, wherein,
the limited management user interface resides in a wireless device and the network security application comprises mechanisms for authenticating said wireless device and mechanisms for authenticating the person using said wireless device in the messages received from the limited management user interface to the network security application.
9. An arrangement according to claim 1, wherein,
said full management user interface comprises management operations for configuring said limited management user interface.
10. A network security application managed via a full management user interface, which comprises mechanisms for conducting management operations for the network security application, wherein the network security application is arranged to be managed also via a limited management user interface comprising mechanisms:
for conducting limited number of management operations of the full management user interface for the network security application over a wireless remote connection.
US09/973,561 2001-10-08 2001-10-08 Managing a network security application Expired - Lifetime US7392537B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US09/973,561 US7392537B2 (en) 2001-10-08 2001-10-08 Managing a network security application
EP02396151A EP1300984A3 (en) 2001-10-08 2002-10-04 Managing a network security application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US09/973,561 US7392537B2 (en) 2001-10-08 2001-10-08 Managing a network security application

Publications (2)

Publication Number Publication Date
US20030070084A1 (en) 2003-04-10
US7392537B2 US7392537B2 (en) 2008-06-24

Family

ID=25521027

Family Applications (1)

Application Number Title Priority Date Filing Date
US09/973,561 Expired - Lifetime US7392537B2 (en) 2001-10-08 2001-10-08 Managing a network security application

Country Status (2)

Country Link
US (1) US7392537B2 (en)
EP (1) EP1300984A3 (en)


Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5978850A (en) * 1997-07-02 1999-11-02 National Instruments Corporation System and method for accessing parameters in a fieldbus network using a tag parameters interface
US6047322A (en) * 1997-05-27 2000-04-04 Ukiah Software, Inc. Method and apparatus for quality of service management
US6212558B1 (en) * 1997-04-25 2001-04-03 Anand K. Antur Method and apparatus for configuring and managing firewalls and security devices
US6237031B1 (en) * 1997-03-25 2001-05-22 Intel Corporation System for dynamically controlling a network proxy
US6253211B1 (en) * 1997-07-26 2001-06-26 International Business Machines Corp. Replication tracking method and apparatus for a distributed data processing system
US6453353B1 (en) * 1998-07-10 2002-09-17 Entrust, Inc. Role-based navigation of information resources
US6496927B1 (en) * 1999-06-09 2002-12-17 Amx Corporation Method and configuring a user interface for controlling a controlled device based upon a device class
US6584508B1 (en) * 1999-07-13 2003-06-24 Networks Associates Technology, Inc. Advanced data guard having independently wrapped components
US6640097B2 (en) * 1999-12-13 2003-10-28 Markport Limited WAP service personalization, management and billing object oriented platform
US6678826B1 (en) * 1998-09-09 2004-01-13 Communications Devices, Inc. Management system for distributed out-of-band security databases
US6681232B1 (en) * 2000-06-07 2004-01-20 Yipes Enterprise Services, Inc. Operations and provisioning systems for service level management in an extended-area data communications network
US6766165B2 (en) * 2000-12-05 2004-07-20 Nortel Networks Limited Method and system for remote and local mobile network management
US6901439B1 (en) * 1999-01-22 2005-05-31 Leviton Manufacturing Co., Inc. Method of adding a device to a network
US6990548B1 (en) * 2000-06-15 2006-01-24 Hewlett-Packard Development Company, L.P. Methods and arrangements for configuring a printer over a wireless communication link using a wireless communication device

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6182142B1 (en) 1998-07-10 2001-01-30 Encommerce, Inc. Distributed access management of information resources
US6678827B1 (en) * 1999-05-06 2004-01-13 Watchguard Technologies, Inc. Managing multiple network security devices from a manager device
WO2001027787A1 (en) 1999-10-13 2001-04-19 Watchwire, Inc. Event monitoring and closed-loop response system

Cited By (176)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8590008B1 (en) 1999-07-02 2013-11-19 Jpmorgan Chase Bank, N.A. System and method for single sign on process for websites with multiple applications and services
US7966496B2 (en) 1999-07-02 2011-06-21 Jpmorgan Chase Bank, N.A. System and method for single sign on process for websites with multiple applications and services
US20040066311A1 (en) * 1999-08-09 2004-04-08 Power Measurement Ltd. Interactive user interface for a revenue meter
US7685013B2 (en) 1999-11-04 2010-03-23 Jpmorgan Chase Bank System and method for automatic financial project management
US10275780B1 (en) 1999-11-24 2019-04-30 Jpmorgan Chase Bank, N.A. Method and apparatus for sending a rebate via electronic mail over the internet
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet
US8438086B2 (en) 2000-06-12 2013-05-07 Jpmorgan Chase Bank, N.A. System and method for providing customers with seamless entry to a remote server
US8458070B2 (en) 2000-06-12 2013-06-04 Jpmorgan Chase Bank, N.A. System and method for providing customers with seamless entry to a remote server
US10185936B2 (en) 2000-06-22 2019-01-22 Jpmorgan Chase Bank, N.A. Method and system for processing internet payments
US7917393B2 (en) 2000-09-01 2011-03-29 Sri International, Inc. Probabilistic alert correlation
US20020059078A1 (en) * 2000-09-01 2002-05-16 Valdes Alfonso De Jesus Probabilistic alert correlation
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US10380374B2 (en) 2001-04-20 2019-08-13 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US8160960B1 (en) 2001-06-07 2012-04-17 Jpmorgan Chase Bank, N.A. System and method for rapid updating of credit information
US8185940B2 (en) 2001-07-12 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for providing discriminated content to network users
US8335855B2 (en) 2001-09-19 2012-12-18 Jpmorgan Chase Bank, N.A. System and method for portal infrastructure tracking
US9646304B2 (en) 2001-09-21 2017-05-09 Jpmorgan Chase Bank, N.A. System for providing cardless payment
US7783578B2 (en) 2001-09-21 2010-08-24 Jpmorgan Chase Bank, N.A. System for providing cardless payment
US20060173791A1 (en) * 2001-09-21 2006-08-03 First Usa Bank, N.A. System for providing cardless payment
US8732072B2 (en) 2001-11-01 2014-05-20 Jpmorgan Chase Bank, N.A. System and method for establishing or modifying an account with user selectable terms
US20100179888A1 (en) * 2001-11-01 2010-07-15 Jpmorgan Chase Bank, N.A. System and method for establishing or modifying an account with user selectable terms
US7689504B2 (en) 2001-11-01 2010-03-30 Jpmorgan Chase Bank, N.A. System and method for establishing or modifying an account with user selectable terms
US8145522B2 (en) 2001-11-01 2012-03-27 Jpmorgan Chase Bank, N.A. System and method for establishing or modifying an account with user selectable terms
US20030110398A1 (en) * 2001-11-29 2003-06-12 International Business Machines Corporation Method, computer program element and a system for processing alarms triggered by a monitoring system
US7437762B2 (en) * 2001-11-29 2008-10-14 International Business Machines Corporation Method, computer program element and a system for processing alarms triggered by a monitoring system
US8615803B2 (en) 2001-11-29 2013-12-24 International Business Machines Corporation Method, computer program element and a system for processing alarms triggered by a monitoring system
US20080291018A1 (en) * 2001-11-29 2008-11-27 International Business Machines Corporation Method, computer program element and a system for processing alarms triggered by a monitoring system
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7451222B2 (en) * 2002-02-13 2008-11-11 Gateway Inc. Client-centered WEP settings on a LAN
US20030154287A1 (en) * 2002-02-13 2003-08-14 Gateway, Inc. Client-centered WEP settings on a LAN
US7941533B2 (en) 2002-02-19 2011-05-10 Jpmorgan Chase Bank, N.A. System and method for single sign-on session management without central server
US7140040B2 (en) * 2002-04-25 2006-11-21 International Business Machines Corporation Protecting wireless local area networks from intrusion by eavesdropping on the eavesdroppers and dynamically reconfiguring encryption upon detection of intrusion
US20030202662A1 (en) * 2002-04-25 2003-10-30 International Business Machines Corporation Protecting wireless local area networks from intrusion by eavesdropping on the eavesdroppers and dynamically reconfiguring encryption upon detection of intrusion
US20030212768A1 (en) * 2002-05-09 2003-11-13 Gateway, Inc. System and method for centralizing and synchronizing network configuration data
US20070192870A1 (en) * 2002-05-20 2007-08-16 Airdefense, Inc., A Georgia Corporation Method and system for actively defending a wireless LAN against attacks
US20030233567A1 (en) * 2002-05-20 2003-12-18 Lynn Michael T. Method and system for actively defending a wireless LAN against attacks
US7779476B2 (en) 2002-05-20 2010-08-17 Airdefense, Inc. Active defense against wireless intruders
US20070189194A1 (en) * 2002-05-20 2007-08-16 Airdefense, Inc. Method and System for Wireless LAN Dynamic Channel Change with Honeypot Trap
US20070094741A1 (en) * 2002-05-20 2007-04-26 Airdefense, Inc. Active Defense Against Wireless Intruders
US8060939B2 (en) 2002-05-20 2011-11-15 Airdefense, Inc. Method and system for securing wireless local area networks
US20030236990A1 (en) * 2002-05-20 2003-12-25 Scott Hrastar Systems and methods for network security
US20040008652A1 (en) * 2002-05-20 2004-01-15 Tanzella Fred C. System and method for sensing wireless LAN activity
WO2003100559A3 (en) * 2002-05-20 2004-05-13 Airdefense Inc System and method for making managing wireless network activity
US20040098610A1 (en) * 2002-06-03 2004-05-20 Hrastar Scott E. Systems and methods for automated network policy exception detection and correction
US7516475B1 (en) 2002-07-01 2009-04-07 Cisco Technology, Inc. Method and apparatus for managing security policies on a network
US20060156280A1 (en) * 2002-07-15 2006-07-13 Shigang Chen Method and apparatus for creating a network topograph that includes all select objects that are in a network
US8001475B2 (en) * 2002-07-15 2011-08-16 Cisco Technology, Inc. Method and apparatus for creating a network topograph that includes all select objects that are in a network
US7756816B2 (en) 2002-10-02 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for network-based project management
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
US20040260801A1 (en) * 2003-02-12 2004-12-23 Actiontec Electronics, Inc. Apparatus and methods for monitoring and controlling network activity using mobile communications devices
US20050053241A1 (en) * 2003-04-04 2005-03-10 Chen-Huang Fan Network lock method and related apparatus with ciphered network lock and inerasable deciphering key
US7471794B2 (en) * 2003-04-04 2008-12-30 Qisda Corporation Network lock method and related apparatus with ciphered network lock and inerasable deciphering key
US20040210654A1 (en) * 2003-04-21 2004-10-21 Hrastar Scott E. Systems and methods for determining wireless network topology
US20040218602A1 (en) * 2003-04-21 2004-11-04 Hrastar Scott E. Systems and methods for dynamic sensor discovery and selection
US20040209617A1 (en) * 2003-04-21 2004-10-21 Hrastar Scott E. Systems and methods for wireless network site survey systems and methods
US20040209634A1 (en) * 2003-04-21 2004-10-21 Hrastar Scott E. Systems and methods for adaptively scanning for wireless communications
US20040230677A1 (en) * 2003-05-16 2004-11-18 O'hara Roger John System and method for securely monitoring and managing network devices
US20060191300A1 (en) * 2003-08-25 2006-08-31 Lim Heon H Washing machine for both oil and water wash having self-diagnosing and networking function
US7725933B2 (en) * 2003-10-07 2010-05-25 Koolspan, Inc. Automatic hardware-enabled virtual private network system
US20050188194A1 (en) * 2003-10-07 2005-08-25 Koolspan, Inc. Automatic hardware-enabled virtual private network system
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US20050144544A1 (en) * 2003-12-10 2005-06-30 Alcatel Mechanism for detection of attacks based on impersonation in a wireless network
US7409715B2 (en) * 2003-12-10 2008-08-05 Alcatel Lucent Mechanism for detection of attacks based on impersonation in a wireless network
US8271646B2 (en) 2003-12-29 2012-09-18 Aol Inc. Network scoring system and method
US7412516B1 (en) 2003-12-29 2008-08-12 Aol Llc Using a network bandwidth setting based on determining the network environment
US20100180293A1 (en) * 2003-12-29 2010-07-15 Aol Llc Network scoring system and method
US8635345B2 (en) 2003-12-29 2014-01-21 Aol Inc. Network scoring system and method
US20160342806A1 (en) * 2004-02-20 2016-11-24 Microsoft Technology Licensing, Llc Method And System For Protecting User Choices
US9443105B2 (en) * 2004-02-20 2016-09-13 Microsoft Technology Licensing, Llc Method and system for protecting user choices
US9934402B2 (en) * 2004-02-20 2018-04-03 Microsoft Technology Licensing, Llc Method and system for protecting user choices
US20130198646A1 (en) * 2004-02-20 2013-08-01 Microsoft Corporation Method and system for protecting user choices
WO2006023613A3 (en) * 2004-08-18 2007-08-30 Axesstel Inc Using browser-controlled diagnostic channel to manage wireless data terminal devices
US20060068839A1 (en) * 2004-08-18 2006-03-30 Henry Kim Using browser-controlled diagnostic channel to manage wireless data terminal devices
WO2006023613A2 (en) * 2004-08-18 2006-03-02 Axesstel, Inc. Using browser-controlled diagnostic channel to manage wireless data terminal devices
US20060085543A1 (en) * 2004-10-19 2006-04-20 Airdefense, Inc. Personal wireless monitoring agent
US8196199B2 (en) 2004-10-19 2012-06-05 Airdefense, Inc. Personal wireless monitoring agent
US8185877B1 (en) 2005-06-22 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for testing applications
US8583926B1 (en) 2005-09-19 2013-11-12 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
US9661021B2 (en) 2005-09-19 2017-05-23 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
US9374366B1 (en) 2005-09-19 2016-06-21 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
US10027707B2 (en) 2005-09-19 2018-07-17 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
US10541969B2 (en) 2005-12-13 2020-01-21 Cupp Computing As System and method for implementing content and network security inside a chip
US9781164B2 (en) 2005-12-13 2017-10-03 Cupp Computing As System and method for providing network security to mobile devices
US8381297B2 (en) 2005-12-13 2013-02-19 Yoggie Security Systems Ltd. System and method for providing network security to mobile devices
US11461466B2 (en) 2005-12-13 2022-10-04 Cupp Computing As System and method for providing network security to mobile devices
US10417421B2 (en) 2005-12-13 2019-09-17 Cupp Computing As System and method for providing network security to mobile devices
US10621344B2 (en) 2005-12-13 2020-04-14 Cupp Computing As System and method for providing network security to mobile devices
US9497622B2 (en) 2005-12-13 2016-11-15 Cupp Computing As System and method for providing network security to mobile devices
US9747444B1 (en) 2005-12-13 2017-08-29 Cupp Computing As System and method for providing network security to mobile devices
US20150215282A1 (en) 2005-12-13 2015-07-30 Cupp Computing As System and method for implementing content and network security inside a chip
US10089462B2 (en) 2005-12-13 2018-10-02 Cupp Computing As System and method for providing network security to mobile devices
US20070199060A1 (en) * 2005-12-13 2007-08-23 Shlomo Touboul System and method for providing network security to mobile devices
US20080276302A1 (en) * 2005-12-13 2008-11-06 Yoggie Security Systems Ltd. System and Method for Providing Data and Device Security Between External and Host Devices
US10313368B2 (en) 2005-12-13 2019-06-04 Cupp Computing As System and method for providing data and device security between external and host devices
US8627452B2 (en) 2005-12-13 2014-01-07 Cupp Computing As System and method for providing network security to mobile devices
US10839075B2 (en) 2005-12-13 2020-11-17 Cupp Computing As System and method for providing network security to mobile devices
US11822653B2 (en) 2005-12-13 2023-11-21 Cupp Computing As System and method for providing network security to mobile devices
US7715800B2 (en) 2006-01-13 2010-05-11 Airdefense, Inc. Systems and methods for wireless intrusion detection using spectral analysis
US7971251B2 (en) 2006-03-17 2011-06-28 Airdefense, Inc. Systems and methods for wireless security using distributed collaboration of wireless clients
US20070217371A1 (en) * 2006-03-17 2007-09-20 Airdefense, Inc. Systems and Methods for Wireless Security Using Distributed Collaboration of Wireless Clients
US20070218874A1 (en) * 2006-03-17 2007-09-20 Airdefense, Inc. Systems and Methods For Wireless Network Forensics
US20090021343A1 (en) * 2006-05-10 2009-01-22 Airdefense, Inc. RFID Intrusion Protection System and Methods
US7970013B2 (en) 2006-06-16 2011-06-28 Airdefense, Inc. Systems and methods for wireless network content filtering
US8793490B1 (en) 2006-07-14 2014-07-29 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US9679293B1 (en) 2006-07-14 2017-06-13 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US9240012B1 (en) 2006-07-14 2016-01-19 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
US8281392B2 (en) 2006-08-11 2012-10-02 Airdefense, Inc. Methods and systems for wired equivalent privacy and Wi-Fi protected access protection
US20080052779A1 (en) * 2006-08-11 2008-02-28 Airdefense, Inc. Methods and Systems For Wired Equivalent Privacy and Wi-Fi Protected Access Protection
US20080148372A1 (en) * 2006-12-14 2008-06-19 General Instrument Corporation Method and Apparatus for Managing Configuration Settings in a Network
US7634565B2 (en) * 2006-12-14 2009-12-15 General Instrument Corporation System authorizing a remote agent using a temporary password to manage configuration settings of a device and invalidating it after a fixed time interval
US11652829B2 (en) 2007-03-05 2023-05-16 Cupp Computing As System and method for providing data and device security between external and host devices
US10999302B2 (en) 2007-03-05 2021-05-04 Cupp Computing As System and method for providing data and device security between external and host devices
US10567403B2 (en) 2007-03-05 2020-02-18 Cupp Computing As System and method for providing data and device security between external and host devices
US10419459B2 (en) 2007-03-05 2019-09-17 Cupp Computing As System and method for providing data and device security between external and host devices
US7570640B2 (en) * 2007-04-09 2009-08-04 Hewlett-Packard Development Company, L.P. Locating original port information
US20080247380A1 (en) * 2007-04-09 2008-10-09 Lavigne Bruce E Locating original port information
US8473735B1 (en) 2007-05-17 2013-06-25 Jpmorgan Chase Systems and methods for managing digital certificates
US8726011B1 (en) 2007-05-17 2014-05-13 Jpmorgan Chase Bank, N.A. Systems and methods for managing digital certificates
US8341739B2 (en) * 2007-05-24 2012-12-25 Foundry Networks, Llc Managing network security
US8650295B2 (en) 2007-05-24 2014-02-11 Foundry Networks, Llc Managing network security
US20110131324A1 (en) * 2007-05-24 2011-06-02 Animesh Chaturvedi Managing network security
US8365272B2 (en) * 2007-05-30 2013-01-29 Yoggie Security Systems Ltd. System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20170155682A1 (en) * 2007-05-30 2017-06-01 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US9756079B2 (en) * 2007-05-30 2017-09-05 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20090126003A1 (en) * 2007-05-30 2009-05-14 Yoggie Security Systems, Inc. System And Method For Providing Network And Computer Firewall Protection With Dynamic Address Isolation To A Device
US9391956B2 (en) * 2007-05-30 2016-07-12 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10284603B2 (en) * 2007-05-30 2019-05-07 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10951659B2 (en) 2007-05-30 2021-03-16 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US11757941B2 (en) 2007-05-30 2023-09-12 CUPP Computer AS System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20180152479A1 (en) * 2007-05-30 2018-05-31 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10904293B2 (en) 2007-05-30 2021-01-26 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US20180302444A1 (en) * 2007-05-30 2018-10-18 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US10057295B2 (en) * 2007-05-30 2018-08-21 Cupp Computing As System and method for providing network and computer firewall protection with dynamic address isolation to a device
US8549315B2 (en) 2008-01-24 2013-10-01 Jpmorgan Chase Bank, N.A. System and method for generating and managing administrator passwords
US8321682B1 (en) 2008-01-24 2012-11-27 Jpmorgan Chase Bank, N.A. System and method for generating and managing administrator passwords
US11757835B2 (en) 2008-03-26 2023-09-12 Cupp Computing As System and method for implementing content and network security inside a chip
US20090249465A1 (en) * 2008-03-26 2009-10-01 Shlomo Touboul System and Method for Implementing Content and Network Security Inside a Chip
US11050712B2 (en) 2008-03-26 2021-06-29 Cupp Computing As System and method for implementing content and network security inside a chip
US8869270B2 (en) 2008-03-26 2014-10-21 Cupp Computing As System and method for implementing content and network security inside a chip
US8631488B2 (en) 2008-08-04 2014-01-14 Cupp Computing As Systems and methods for providing security services during power management mode
US9106683B2 (en) 2008-08-04 2015-08-11 Cupp Computing As Systems and methods for providing security services during power management mode
US10951632B2 (en) 2008-08-04 2021-03-16 Cupp Computing As Systems and methods for providing security services during power management mode
US9843595B2 (en) 2008-08-04 2017-12-12 Cupp Computing As Systems and methods for providing security services during power management mode
US9516040B2 (en) 2008-08-04 2016-12-06 Cupp Computing As Systems and methods for providing security services during power management mode
US10084799B2 (en) 2008-08-04 2018-09-25 Cupp Computing As Systems and methods for providing security services during power management mode
US10404722B2 (en) 2008-08-04 2019-09-03 Cupp Computing As Systems and methods for providing security services during power management mode
US20100037321A1 (en) * 2008-08-04 2010-02-11 Yoggie Security Systems Ltd. Systems and Methods for Providing Security Services During Power Management Mode
US11775644B2 (en) 2008-08-04 2023-10-03 Cupp Computing As Systems and methods for providing security services during power management mode
US11449613B2 (en) 2008-08-04 2022-09-20 Cupp Computing As Systems and methods for providing security services during power management mode
US20100212012A1 (en) * 2008-11-19 2010-08-19 Yoggie Security Systems Ltd. Systems and Methods for Providing Real Time Access Monitoring of a Removable Media Device
US10417400B2 (en) 2008-11-19 2019-09-17 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US11604861B2 (en) 2008-11-19 2023-03-14 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US8789202B2 (en) 2008-11-19 2014-07-22 Cupp Computing As Systems and methods for providing real time access monitoring of a removable media device
US11036836B2 (en) 2008-11-19 2021-06-15 Cupp Computing As Systems and methods for providing real time security and access monitoring of a removable media device
US10762501B2 (en) 2009-06-29 2020-09-01 Jpmorgan Chase Bank, N.A. System and method for partner key management
US9608826B2 (en) 2009-06-29 2017-03-28 Jpmorgan Chase Bank, N.A. System and method for partner key management
US9166732B2 (en) * 2012-04-19 2015-10-20 At&T Mobility Ii Llc Facilitation of security employing a femto cell access point
US20160056915A1 (en) * 2012-04-19 2016-02-25 At&T Mobility Ii Llc Facilitation of security employing a femto cell access point
US9485051B2 (en) * 2012-04-19 2016-11-01 At&T Mobility Ii Llc Facilitation of security employing a femto cell access point
US20130281005A1 (en) * 2012-04-19 2013-10-24 At&T Mobility Ii Llc Facilitation of security employing a femto cell access point
US10397227B2 (en) 2012-10-09 2019-08-27 Cupp Computing As Transaction security systems and methods
US10904254B2 (en) 2012-10-09 2021-01-26 Cupp Computing As Transaction security systems and methods
US9973501B2 (en) 2012-10-09 2018-05-15 Cupp Computing As Transaction security systems and methods
US11757885B2 (en) 2012-10-09 2023-09-12 Cupp Computing As Transaction security systems and methods
US10339294B2 (en) 2013-03-15 2019-07-02 Jpmorgan Chase Bank, N.A. Confidence-based authentication
US9419957B1 (en) 2013-03-15 2016-08-16 Jpmorgan Chase Bank, N.A. Confidence-based authentication
US11157976B2 (en) 2013-07-08 2021-10-26 Cupp Computing As Systems and methods for providing digital content marketplace security
US10686864B2 (en) 2014-01-24 2020-06-16 Jpmorgan Chase Bank, N.A. Initiating operating system commands based on browser cookies
US10148726B1 (en) 2014-01-24 2018-12-04 Jpmorgan Chase Bank, N.A. Initiating operating system commands based on browser cookies
US10666688B2 (en) 2014-02-13 2020-05-26 Cupp Computing As Systems and methods for providing network security using a secure digital device
US11316905B2 (en) 2014-02-13 2022-04-26 Cupp Computing As Systems and methods for providing network security using a secure digital device
US10291656B2 (en) 2014-02-13 2019-05-14 Cupp Computing As Systems and methods for providing network security using a secure digital device
US11743297B2 (en) 2014-02-13 2023-08-29 Cupp Computing As Systems and methods for providing network security using a secure digital device
US9762614B2 (en) 2014-02-13 2017-09-12 Cupp Computing As Systems and methods for providing network security using a secure digital device
US20180205760A1 (en) 2014-02-13 2018-07-19 Cupp Computing As Systems and methods for providing network security using a secure digital device
US20230354026A1 (en) * 2022-04-29 2023-11-02 Microsoft Technology Licensing, Llc Encrypted flow of sim data between regions and edge networks

Also Published As

Publication number Publication date
EP1300984A3 (en) 2005-07-20
US7392537B2 (en) 2008-06-24
EP1300984A2 (en) 2003-04-09

Similar Documents

Publication Publication Date Title
US7392537B2 (en) Managing a network security application
US11659385B2 (en) Method and system for peer-to-peer enforcement
KR101359324B1 (en) System for enforcing security policies on mobile communications devices
WO2019184736A1 (en) Access authentication method and device, and server
EP2036305B1 (en) Communication network application activity monitoring and control
Greenwald et al. Designing an academic firewall: Policy, practice, and experience with surf
US7533409B2 (en) Methods and systems for firewalling virtual private networks
US6529513B1 (en) Method of using static maps in a virtual private network
JP3492865B2 (en) Mobile computer device and packet encryption authentication method
Cynthia et al. Security protocols for IoT
US20080178278A1 (en) Providing A Generic Gateway For Accessing Protected Resources
US20080072291A1 (en) Secure management access control for computers, embedded and card embodiment
Oniga et al. Analysis, design and implementation of secure LoRaWAN sensor networks
US20080244716A1 (en) Telecommunication system, telecommunication method, terminal thereof, and remote access server thereof
FI109254B (en) Method, system and device for verification
KR101252787B1 (en) Security management system with multiple gateway servers and method thereof
CN111212034B (en) MQTT-based internal and external network data communication system and method thereof
US20040199647A1 (en) Method and system for preventing unauthorized action in an application and network management software environment
WO2001033889A1 (en) Cellular data system security method and apparatus
US20030065953A1 (en) Proxy unit, method for the computer-assisted protection of an application server program, a system having a proxy unit and a unit for executing an application server program
JP2000163283A (en) Remote site computer monitor system
Cisco Managing the System
Zhuge et al. Security mechanisms for wireless home network
US7613195B2 (en) Method and system for managing computer networks
JP3909289B2 (en) Voluntary virtual private network between portable device and corporate network

Legal Events

Date Code Title Description
AS Assignment

Owner name: STONESOFT OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SATOMAA, JARI;PUDAS, HANNU;JALAVA, MIKA;REEL/FRAME:012573/0698

Effective date: 20011026

STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAT HOLDER NO LONGER CLAIMS SMALL ENTITY STATUS, ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: STOL); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: WEBSENSE FINLAND OY, FINLAND

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:STONESOFT OY;REEL/FRAME:037796/0134

Effective date: 20160113

AS Assignment

Owner name: FORCEPOINT FINLAND OY, FINLAND

Free format text: CHANGE OF NAME;ASSIGNOR:WEBSENSE FINLAND OY;REEL/FRAME:038447/0441

Effective date: 20160209

AS Assignment

Owner name: FORCEPOINT LLC, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:FORCEPOINT FINLAND OY;REEL/FRAME:043156/0547

Effective date: 20170728

AS Assignment

Owner name: RAYTHEON COMPANY, MASSACHUSETTS

Free format text: PATENT SECURITY AGREEMENT SUPPLEMENT;ASSIGNOR:FORCEPOINT LLC;REEL/FRAME:045312/0043

Effective date: 20180212

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

AS Assignment

Owner name: FORCEPOINT LLC, TEXAS

Free format text: RELEASE OF SECURITY INTEREST IN PATENTS;ASSIGNOR:RAYTHEON COMPANY;REEL/FRAME:055452/0220

Effective date: 20210108

AS Assignment

Owner name: CREDIT SUISSE AG, CAYMAN ISLANDS BRANCH, AS COLLATERAL AGENT, NEW YORK

Free format text: PATENT SECURITY AGREEMENT;ASSIGNORS:REDOWL ANALYTICS, INC.;FORCEPOINT LLC;REEL/FRAME:055052/0302

Effective date: 20210108

AS Assignment

Owner name: FORCEPOINT FEDERAL HOLDINGS LLC, TEXAS

Free format text: CHANGE OF NAME;ASSIGNOR:FORCEPOINT LLC;REEL/FRAME:056183/0265

Effective date: 20210401

AS Assignment

Owner name: FORCEPOINT LLC, TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:FORCEPOINT FEDERAL HOLDINGS LLC;REEL/FRAME:056272/0475

Effective date: 20210401